Cisco 1242AG Access Point proper configuration

Recently we decided to create a small WLAN in our business. We chose the Cisco AIR-AP1242AG-E-K9 with 2x2.4GHz 2.2dBi Swivel Dipole Antenna.

For better manageability, a new routable VLAN (ID:20) was added to our Router with IP 192.168.55.1 and SNET 255.255.255.0

Next, I made the following configurations in the autonomous AP through the WEB Console:

Static IP:192.20.10.35, SNET:255.255.254.0, GWY:192.20.10.200

VLAN1 (Native) and VLAN20 (Radio0-802.11g) added into Services.

I set the Encryption Mode to None for VLAN1 and Cipher AES CCMP for VLAN20

In Server Manager I defined a new RADIUS server 192.20.10.35 (AP IP) and a shared secret and left the default ports for Authentication and Accounting (1645 and 1646). Also, in the Default Server Priorities section I set as Priority 1, both for EAP and MAC authentication, the Access Point IP (Radius Server) 192.20.10.35.

In Local RADIUS Server General Set-Up, I added as current network access server (AAA client) the same IP and shared secret as the ones I used during RADIUS server configuration above. In Enable Authentication Protocols I left checked only LEAP and MAC. Also, in the Individual Users section 2 new users were created with text passwords.

In SSID Manager a new hidden SSID was created for interface Radio0-802.11g, associated with VLAN20, and in the Client Authentication Settings section I left as accepted Method Open Authentication with MAC authentication and EAP. Also, I left the Use Defaults option both for EAP and MAC Authentication Servers in the Server Priorities section, and finally in the Client Authenticated Key Management section I chose Mandatory for Key Management and checked the Enable WPA option.

I can ping both the AP and VLAN20 IPs from any PC which is a member of the native VLAN

As wireless clients I use 2 Motorola MC5574 with Windows Mobile 6.1 Professional. Both of them have a Jedi WLAN adapter configured with the following:

IPs:192.168.55.10 and 192.168.55.11

SNET:255.255.255.0

GWY:192.168.55.1

Also, a unique profile has been created on each one of them to be used for AP association-authentication. Each profile has been configured for WPA2 Enterprise with AES and LEAP and the predefined user credentials (those defined in the AP for Individual Users).

What am I missing here? I'm sure that it is something quite simple, but although I tried several different setups (i.e. WPA2-PSK, WPA-PSK even with TKIP) I always end up without a proper solution for the ping inability.

Re: Cisco 1242AG Access Point proper configuration

Currently I see radio 1 configured correctly but radio 0 has bridge-group 1 under main interface.

As you have mentioned that vlan 1 is native in your network, please create a radio sub interface for radio 0 and mark it native.

That is,

interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1

Just make the above change. If you want to add multiple SSIDs, then every SSID should be mapped to a unique VLAN, and the VLAN should also be allowed on the trunk port of the connected device, as you said.

You can find detailed steps from the link : http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanap
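
Added example, not part of the thread or of Cisco's documentation: a small Python check for the two rules given in the reply above (no bridge-group on a main interface once subinterfaces exist, with one subinterface marked native, and one VLAN per SSID). The sample configuration and its SSID names are constructed for illustration.

```python
import re

# Constructed sample reproducing the fault from the thread: bridge-group 1 on the
# main radio interface, no native radio subinterface. SSID names are made up.
SAMPLE = """\
dot11 ssid handhelds
   vlan 20
dot11 ssid guests
   vlan 20
interface Dot11Radio0
 bridge-group 1
interface Dot11Radio0.20
 encapsulation dot1Q 20
 bridge-group 20
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
"""

def parse(config):
    """Return {top-level line: [indented child lines]} for an IOS-style config."""
    blocks, body = {}, []
    for line in config.splitlines():
        if line[:1].isspace():
            body.append(line.strip())
        elif line.strip() not in ("", "!"):
            body = blocks.setdefault(line.strip(), [])
    return blocks

def lint(config):
    """List violations of the native-subinterface and unique-VLAN rules."""
    blocks, findings, ssids, subifs = parse(config), [], {}, {}
    for head, body in blocks.items():
        if head.startswith("dot11 ssid "):
            for vlan in re.findall(r"^vlan (\d+)$", "\n".join(body), re.M):
                ssids.setdefault(int(vlan), []).append(head.split()[-1])
        elif m := re.fullmatch(r"interface (\S+)\.\d+", head):
            native = any(re.fullmatch(r"encapsulation dot1Q \d+ native", l) for l in body)
            subifs[m.group(1)] = subifs.get(m.group(1), False) or native
    for base, has_native in sorted(subifs.items()):
        main = blocks.get(f"interface {base}", [])
        if any(l.startswith("bridge-group") for l in main):
            findings.append(f"{base}: bridge-group on main interface")
        if not has_native:
            findings.append(f"{base}: no native subinterface")
    for vlan, names in sorted(ssids.items()):
        if len(names) > 1:
            findings.append(f"VLAN {vlan}: shared by SSIDs {', '.join(names)}")
    return findings
```

Calling `lint()` on the text of a saved running configuration returns an empty list when both rules hold.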

Re: Cisco 1242AG Access Point proper configuration

Hello again,

I did follow your recommendations, and my Motorola handheld clients are now properly associated and authenticated to the AP.

They can even ping each other!

The only remaining problem is that the handhelds still can't reach (ping) the AP nor the VLAN20 IP address. I believe that this will be fixed as soon as I add VLAN20 to the associated trunk port(s) of my Router. Is this correct Madhuri?

Re: Cisco 1242AG Access Point proper configuration

Commands added via CLI. I checked through the WEB interface. As I show, they actually add a check mark to the 802.11g Radio interface for VLAN1.

Thank you very much for your help Madhuri

Best Regards

Vasilis

PS. I managed to add VLAN20 on every switch trunk port (incl. uplinks) covering the path from the Access Point's final position to the first switch after the Router. That switch is connected with 4 ports to the Router, but these ports have been configured as port-channel 2. My question is how can I add VLAN 20 on both sides, Router-Switch, but I guess this question has to be placed in another section.
